Version: v1.1.x

CVE-2026-54371

CVE Details

Visit the official vulnerability details page for CVE-2026-54371 to learn more.

Initial Publication

06/29/2026

Last Update

06/29/2026

Third Party Dependency

libattr

NIST CVE Summary

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component can redirect getfattr and setfattr operations to arbitrary files by substituting a symlink, leading to local privilege escalation when getfattr or setfattr is invoked by a privileged process over an attacker-controlled path.

CVE Severity

7.1

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Deferred

Affected Products & Versions

Version	PaletteAI	PaletteAI VerteX
1.1.6	⚠️ Impacted	⚠️ Impacted
1.0.7	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​